Blog

/

Article

/

Smart User Verification: Enhancing Fraud Prevention with Alternative Data

Article

Smart User Verification: Enhancing Fraud Prevention with Alternative Data

Author's profile picture

Uros Pavlovic

October 23, 2024

Smart User Verification: Enhancing Fraud Prevention with Alternative Data

Verifying the identity of users is critical for protecting businesses from fraud. This is not just vital for digital-native companies and neobanks, but also for a variety of organizations that require a streamlined yet secure approach to digital onboarding, sign in verification and user authentication to ensure a constant business flow. As more services move online, the risks associated with fraudulent sign-ups and identity theft continue to rise, leaving companies vulnerable to financial loss and reputational damage. In today’s evolving business environment, an effective way to mitigate these risks is to strengthen existing user verification methods with alternative data sources. This article explores how companies can enhance their user verification processes by using data breach history, digital signals, and alternative data sources.

What is user verification?

User verification is the process of confirming that an individual attempting to access a specific service is who they claim to be. In the context of fintech and financial services, this step is crucial when wanting to prevent fraud, onboard new customers and conduct transactions in compliance with regulations.

Traditionally, user verification methods rely on password and email checks, two-factor authentication (2FA), and so on. However, numerous innovative businesses are turning to digital signals that offer a more in-depth analysis of users' email addresses, phone numbers, and IP addresses to verify users without requiring physical documents or biometric checks. This approach is especially important in preventing new account fraud, where bad actors attempt to open fake accounts using stolen or synthetic identities, built using a mix of real, stolen and fabricated personal information.

Unlike the standard process of identity verification, which often involves time-consuming processes like validating a photo of a user’s ID cards, user verification in the digital age focuses on analyzing trust and risk signals in real time at the very beginning of any digital interaction. Companies can more accurately assess whether a user is trustworthy by cross-referencing the data points they are being provided, uncovering suspicious patterns that traditional user verification would be unable to spot.

As fraudsters become more sophisticated, relying solely on basic verification forms exposes businesses to unnecessary risks. This is why financial institutions and fintech companies are adopting more robust methods that use alternative data sources to detect risks earlier in the process. User verification now plays a pivotal role in securing digital interactions and ensuring that customers are legitimate from the very first moment they enter the system.

How does name matching support user verification?

Digital signals, like those originating from email addresses and phone numbers, play a critical role in helping businesses uncover deeper insights about their users. A new breed of tech platforms specializes in analyzing precisely these signals to provide actionable user data in real time. The result? Companies are empowered to make more informed decisions about users’ potential risks.

Various data sources and matching techniques can be used to strengthen user verification, including:

  • Email-to-Name & Phone-to-Name Matching - It is possible to discover which names are linked to a specific email address and/or phone number by checking various public online sources, such as popular social media sites, digital services and e-commerce platforms.
  • Email String Analysis - A detailed analysis of email composition, as well as domain checks for shady patterns, placeholders, and redirects, is an underutilized method of user verification and name matching. Many fraudsters don’t bother creating emails that appear real, relying on strange sequences of letters and numbers instead, which are a very big, and very evident, red flag.
  • Adverse Media Screening - Newspapers, online publications and public records are a fundamental source of information to make sure there is no negative news related to a specific user’s email or name. Checking this sources at onboarding and then at periodic intervals helps financial services providers protect the integrity of their user base.
  • Company Information - When onboarding business customers or individuals who are using a business email, a robust verification must includes checking the web domain and company linked to the email, uncovering insights such as sector of operation, number of employees and annual revenue.

All of the above methods contribute to verifying that users are indeed who they claim to be.

The role of data breach history in user verification

Another powerful approach currently growing in popularity is leveraging data breach history, sourced from dark net libraries, to reveal vital information about the security and integrity of a set of contact details.

However, when examining data breach histories as part of the user verification process, it can be hard to interpret their significance. This happens because the presence of a certain set of contact details in a data breach can be a negative signal of risk, but also, in certain situations, a positive indicator of trust.

More specifically, when an email or phone number has been involved in a data breach, especially a recent one, this could signal a higher likelihood of compromise, indicating that the user’s information might have fallen into the hands of fraudsters. Or it’s possible that an email address that has no connected accounts and presents no matches in any data breach was newly created for fraudulent purposes. On the other hand, if the same set of contact details (email + phone number + full name) is consistently found in a limited number of data breaches, this could be a strong indication that it belongs to a real person with a strong digital footprint.

Identity intelligence platforms like Trustfull make it easy to interpret historic data leaks’ insights and use them to create a more comprehensive overview of the user, going beyond surface-level verification. By examining patterns of previous breaches, companies can better understand the history and trustworthiness of the contact details provided.

How to use Name Matching with Trustfull

Using open-source intelligence (OSINT), Trustfull’s powerful name matching tool enables businesses to cross reference sets of contact details, including full names, phone numbers and email addresses, bringing an additional layer of trust and accuracy to user verification.

Whether starting from a phone number or email address, the Trustfull platform checks a variety of data sources, including data breach records and associated online services or messaging apps, to retrieve potential names linked to the specific contact detail.

When returning an associated name, the system also provides an indication of the level of confidence for that specific match, as follows:

  • High confidence match - The name associated with accounts like Google and LinkedIn (for email addresses) or Skype and Facebook (for phone numbers) closely matches the information found in one or more data breaches.
  • Low confidence match - When screening historic data breaches, various first and last names appear, but none of them properly matches with information retrieved from different connected accounts. A more likely match is identified, but it’s flagged as “low confidence” due to the limited amount of corroborating signals.

As well as connected accounts and data breach history, email string analysis or phone number intelligence contribute to the confidence level of name matches. For example, an email address like "john.doe@example.com" can be used as a trust signal for the name match "John Doe," providing businesses with more confidence in the accuracy of the user’s identity. Phone number data, on the other hand, can reveal if a number has recently been reassigned, adding another layer of insight.

Through this data enrichment process, companies unlock valuable context that helps them better assess the legitimacy of users, reducing the risk of fraudulent sign-ups or synthetic identities. Digital signals offer a window into hidden details that would otherwise go unnoticed, allowing businesses to stay one step ahead of potential threats.

Going beyond name matching for stronger user verification

As digital interactions increasingly become the norm in the financial sector, businesses must go beyond traditional verification methods to protect themselves from fraud.  As well as the name matching methods explored in this article, fraud & risk teams can now access a variety of advanced tools for risk detection and user authentication.

Here are some additional components that fraud teams should consider when setting up a modern user verification system:

Face Match
Using image analysis in conjunction with email and phone data provides an extra layer of security. Image analysis on Trustfull is accomplished using Face Match, which ensures that the individual submitting the information aligns with previously gathered data, such as an email or phone record. Comparing images with other digital signals, companies can verify users with greater accuracy, reducing the risk of fraud and identity theft. This is particularly useful in cases where high-confidence verification is necessary, such as in financial services.  

IP Address Data
I would add it as another method that can be used to strengthen verification (e.g. does the geolocation of the IP address match the country code of the phone number provided and/or the country of the business associated with the email address?)

Device Detection
Device intelligence is another crucial element of user verification. This handy system helps to analyze the type, model, and unique hardware characteristics of a user's device, thereby allowing companies to ensure that the same device is being used consistently by a legitimate user. If there are discrepancies, such as a sudden change in device type or location, this could signal potential fraud. Device detection allows businesses to spot unusual behavior patterns early, preventing fraudulent activity before it occurs.

Browser Intelligence
Ensuring that the browser used to access your platform is legitimate is another layer of protection in the verification process. Browser intelligence tools perform hundreds of tests to check whether the browser is authentic or if someone is trying to mask their true identity. These tests help distinguish between human and non-human visitors, identifying cases where bots or malicious actors attempt to bypass verification processes.

For more information on how to enhance user verification via Trustfull, please reach out to our team of fraud prevention experts.

In this article:

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Lorem ipsum dolor sit amet, consectetur adipiscing elit.

Read our latest articles

Read all
The Role of OSINT in Perpetual KYC
Article

The Role of OSINT in Perpetual KYC

Find out how OSINT strengthens perpetual KYC (pKYC) processes with real-time risk insights, event-driven monitoring, and continuous due diligence.
Learn more
Benefits of Non-Documentary Business Verification for E-Commerce
Article

Benefits of Non-Documentary Business Verification for E-Commerce

Let's talk about how non-documentary KYB checks using digital signals help e-commerce platforms onboard merchants faster and prevent fraud.
Learn more
Failure to Prevent Fraud Requirements in the UK: What You Should Know
Article

Failure to Prevent Fraud Requirements in the UK: What You Should Know

The UK’s Failure to Prevent Fraud offense holds companies accountable for internal and external fraud, with steps to mitigate risks effectively.
Learn more